<?php

namespace App\Http\Middleware\Api;

use Closure;
use Illuminate\Auth\Access\AuthorizationException;

class CheckPermission
{
    /**
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @return mixed
     * @throws AuthorizationException
     */
    public function handle(\Illuminate\Http\Request $request, Closure $next)
    {
        if (!$request->user()->isAdmin() && !$request->user()->can($request->route()->getName())) {
            throw new AuthorizationException('权限不足');
        }

        return $next($request);
    }
}
